Test The Strength Of Your Security

Many agencies spend millions on security each year. Security investments range from firewalls to contractors, and spending is typically based on weighing the risk of loss against the cost to protect. It can be difficult to evaluate the return on investment for security, since the desired end result is not being compromised rather than a particular outcome that can be measured. Studies show that, regardless of the level of security spending, the majority of IT management doesn’t know how effective their defenses are against today’s threat landscape. Here are some ways to evaluate the strength of your security.

Secure all access points to your network

* Security is as strong as your weakest link. Make sure all access points are secured or you will eventually be compromised. The common access points are Email, Web, LAN, Wireless, VPN, Data Center, Endpoint (laptops, desktops, etc.) and Mobile Devices.

Scan desktops and servers for vulnerabilities

* Tools are available for penetration testing such as Saint, Tenable, Core Impact and Rapid7. The concept is simple: test for the same vulnerabilities hackers use to access your network. Penetration tools look for open ports, unpatched servers and other means hackers could use to compromise your equipment. The industry leaders typically can test all network nodes and include recommendations for remediation.

Evaluate network traffic for malicious intent

* Network forensic tools are available for capturing and categorizing network traffic. You will not know you are compromised if none of your security devices are triggered. Looking at traffic at the packet level can identify unknown communication through unrecognized ports, traffic with foreign entities or other red flags that indicate you have been compromised. Typically forensic skillsets are required to identify threats; however, manufacturers like NetWitness offer great tools for simplifying packet-level analytics.
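A small triage pass over flow records shows the kind of red flags described above. This is an added example, not taken from any of the tools named here; the allow-lists, address ranges and flow lines are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumed policy (constructed): internal ranges, approved outbound ports,
# and the external networks this organisation expects to talk to.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]
ALLOWED_PORTS = {53, 80, 123, 443}
KNOWN_EXTERNAL = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed flow records: "src dst dst_port bytes"
SAMPLE_FLOWS = """\
10.1.4.20 203.0.113.10 443 18234
10.1.4.20 198.51.100.77 4444 912
10.1.4.31 10.1.0.5 53 120
10.1.4.31 198.51.100.9 443 5321
10.1.7.8 198.51.100.77 4444 88412
10.1.7.8 203.0.113.25 8081 300
"""

def _in_any(addr, networks):
    return any(addr in net for net in networks)

def triage(flow_text):
    """Return (findings, talkers): flagged outbound flows with reasons,
    and the number of flagged flows per internal source."""
    findings, talkers = [], Counter()
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        src = ipaddress.ip_address(parts[0])
        dst = ipaddress.ip_address(parts[1])
        port = int(parts[2])
        if _in_any(dst, INTERNAL):
            continue  # this pass only looks at traffic leaving the network
        reasons = []
        if port not in ALLOWED_PORTS:
            reasons.append("unrecognized port")
        if not _in_any(dst, KNOWN_EXTERNAL):
            reasons.append("unknown external destination")
        if reasons:
            findings.append((str(src), str(dst), port, reasons))
            talkers[str(src)] += 1
    return findings, talkers

if __name__ == "__main__":
    for src, dst, port, reasons in triage(SAMPLE_FLOWS)[0]:
        print(f"{src} -> {dst}:{port}  {', '.join(reasons)}")
```

Flows that trip both checks, or the same destination contacted by several internal hosts, are the ones to hand to an analyst first.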

Include failsafe security solutions that rate your existing toolsets

* Best practice is to test the effectiveness of your existing security toolsets. The most popular method is placing honeypots on your network with the goal of luring hackers who bypass your security into highly monitored systems. Other toolsets are available for testing your signature- and behavior-based tools, such as Spectrum by NetWitness, which can flag whether specific threats could bypass your security. Another interesting tool, from FireEye, runs threats in a virtualized honeypot to identify malicious behavior.

Standardize and monitor your network device configurations

* Enforce a baseline template for all network devices to avoid vulnerable configurations and software. Network management tools by SolarWinds, Cisco, EMC, etc. can enforce standardized code and configurations as well as monitor if changes are made. I personally like 360GRC’s ConfigScan for evaluating configurations for vulnerabilities specified by industry standards.
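The baseline-and-monitor idea can be sketched in a few lines. This is an added example, not how any of the products above work; the required and forbidden lines and both device configs are constructed, with IOS-style syntax used only for illustration.

```python
import hashlib

# Constructed baseline; IOS-style lines are used only for illustration.
REQUIRED = ["service password-encryption", "no ip http server", "ip ssh version 2"]
FORBIDDEN_PREFIXES = ["snmp-server community public", "transport input telnet"]

APPROVED = """\
! edge-sw-01, approved template (constructed sample)
service password-encryption
no ip http server
ip ssh version 2
line vty 0 4
 transport input ssh
"""
RUNNING = """\
! edge-sw-01, as collected today (constructed sample)
service password-encryption
ip http server
ip ssh version 2
snmp-server community public RO
line vty 0 4
 transport input telnet ssh
"""

def normalize(config_text):
    """Drop comments, blank lines and indentation so cosmetic edits are not drift."""
    stripped = (raw.strip() for raw in config_text.splitlines())
    return [line for line in stripped if line and not line.startswith("!")]

def fingerprint(config_text):
    """Stable hash of the normalized config, stored at approval time."""
    return hashlib.sha256("\n".join(normalize(config_text)).encode()).hexdigest()

def audit(config_text, approved_fingerprint):
    """Compare one device config with the baseline rules and the approved hash."""
    lines = normalize(config_text)
    return {
        "missing": [r for r in REQUIRED if r not in lines],
        "forbidden": [l for l in lines
                      if any(l.startswith(p) for p in FORBIDDEN_PREFIXES)],
        "changed": fingerprint(config_text) != approved_fingerprint,
    }

if __name__ == "__main__":
    print(audit(RUNNING, fingerprint(APPROVED)))
```

The hash catches any change since approval, while the rule lists say whether the change weakened the device.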

Profile all devices on the network

* Use a profiling tool such as Cisco ISE or Greatbay to identify what types of devices are on your network based on how they communicate. You may be surprised to find a few Xboxes hidden in a corner office.

Categorize sensitive data

* Data Loss Prevention (DLP) leaders such as RSA and Symantec offer various tools that locate and categorize sensitive data. Make sure sensitive data is controlled and protected.

Test your staff with social engineering attacks

* People will always be your weakest link. The only way to improve this is through training. I’ve seen customers use social engineering attacks on their users and show the results as a means of training. There are many online forums that can assist with developing your social engineering training strategy.

Periodically audit your network

* Use unbiased consultants to help you understand how vulnerable you are.


4 thoughts on “Test The Strength Of Your Security”

  1. People will always be your weakest link, I think so, but it can change, do you think?

  2. In most cases no (the exception is a small office that can monitor all users). The problem is most people are naturally helpful or naive to the need for security, which is a vulnerability that can be exploited.

    My colleague was paid to penetrate a corporate firm and capitalized on this concept. He took pictures of an employee’s badge and made a duplicate to get into the door. Once inside, he acted like a new employee and was eventually offered direct access to the main datacenter. Another example is a friend at a financial firm that has a strict policy for mobile devices. A coworker was let go after posting their mail server info on a hacker website asking how to bypass security so he could get corporate email on his jail-broken iPad. Some people call this a “layer zero” or people problem. The best way to reduce the risk caused by people is through automation, meaning removing user choice from applying security.

  3. Hey There Thesecurityblogger,
    Neat Post, Guarding our personal computers and certainly our individual sites is without doubt a priority when working with the web-based. The fact is that we do not in reality feel clearly when making use of the world wide web and click on around freely. This can lead to personal computers picking up an assortment of viruses, some of which can develop major threats to our personal pc methods. By utilizing a crystal clear online security screening methodology, pc people can swiftly remove threats.
    Keep up the good work
